mirror of
https://github.com/topjohnwu/Magisk.git
synced 2024-12-22 07:57:39 +00:00
Update documentation
This commit is contained in:
parent
716f06846b
commit
fbb4f85ef0
@ -24,7 +24,7 @@ Here are some feature highlights:
|
|||||||
## Useful Links
|
## Useful Links
|
||||||
|
|
||||||
- [Installation Instruction](https://topjohnwu.github.io/Magisk/install.html)
|
- [Installation Instruction](https://topjohnwu.github.io/Magisk/install.html)
|
||||||
- [OTA Upgrade Guide](https://topjohnwu.github.io/Magisk/ota.html)
|
- [Frequently Asked Questions](https://topjohnwu.github.io/Magisk/faq.html)
|
||||||
- [Full Official Docs](https://topjohnwu.github.io/Magisk/)
|
- [Full Official Docs](https://topjohnwu.github.io/Magisk/)
|
||||||
- [Magisk Troubleshoot Wiki](https://www.didgeridoohan.com/magisk/HomePage) (by [@Didgeridoohan](https://github.com/Didgeridoohan))
|
- [Magisk Troubleshoot Wiki](https://www.didgeridoohan.com/magisk/HomePage) (by [@Didgeridoohan](https://github.com/Didgeridoohan))
|
||||||
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
# Magisk Documentation
|
# Magisk Documentation
|
||||||
(Updated on 2020.3.23)
|
(Updated on 2020.10.2)
|
||||||
|
|
||||||
- [Installation Instructions](install.md)
|
- [Installation Instructions](install.md)
|
||||||
- [OTA Upgrade Guides](ota.md)
|
- [Frequently Asked Questions](faq.md)
|
||||||
|
|
||||||
The following sections are for developers
|
The following sections are for developers
|
||||||
|
|
||||||
|
20
docs/boot.md
20
docs/boot.md
@ -30,12 +30,12 @@ Method | Initial rootdir | Final rootdir
|
|||||||
- Devices that does not fall in any of Method B and C's criteria
|
- Devices that does not fall in any of Method B and C's criteria
|
||||||
- **Method B - Legacy SAR**: This method was first seen on Pixel 1. The kernel directly mounts the `system` partition as rootdir and exec `/init` to boot.
|
- **Method B - Legacy SAR**: This method was first seen on Pixel 1. The kernel directly mounts the `system` partition as rootdir and exec `/init` to boot.
|
||||||
- Devices with `(LV = 28)`
|
- Devices with `(LV = 28)`
|
||||||
- Google: Pixel 1 and 2. Pixel 3 and 3a with `(RV = 28)` only.
|
- Google: Pixel 1 and 2. Pixel 3 and 3a when `(RV = 28)`.
|
||||||
- OnePlus: 5T - 7
|
- OnePlus: 6 - 7
|
||||||
- Maybe some `(LV < 29)` Android Go devices?
|
- Maybe some `(LV < 29)` Android Go devices?
|
||||||
- **Method C - 2SI ramdisk SAR**: This method was first seen on Pixel 3 Android 10 developer preview. The kernel uses `initramfs` as rootdir and exec `/init` in `rootfs`. This `init` is responsible to mount the `system` partition and use it as the new rootdir, then finally exec `/system/bin/init` to boot.
|
- **Method C - 2SI ramdisk SAR**: This method was first seen on Pixel 3 Android 10 developer preview. The kernel uses `initramfs` as rootdir and exec `/init` in `rootfs`. This `init` is responsible to mount the `system` partition and use it as the new rootdir, then finally exec `/system/bin/init` to boot.
|
||||||
- Devices with `(LV >= 29)`
|
- Devices with `(LV >= 29)`
|
||||||
- Devices with `(LV < 28, RV >= 29)`, excluding exceptions that were using Method B
|
- Devices with `(LV < 28, RV >= 29)`, excluding those that were already using Method B
|
||||||
- Google: Pixel 3 and 3a with `(RV >= 29)`
|
- Google: Pixel 3 and 3a with `(RV >= 29)`
|
||||||
|
|
||||||
### Discussion
|
### Discussion
|
||||||
@ -47,7 +47,7 @@ However for Magisk, the real difference lies in what the device ends up using wh
|
|||||||
The criteria for Method C is a little complicated, in layman's words: either your device is modern enough to launch with Android 10+, or you are running an Android 10+ custom ROM on a device that was using Method A.
|
The criteria for Method C is a little complicated, in layman's words: either your device is modern enough to launch with Android 10+, or you are running an Android 10+ custom ROM on a device that was using Method A.
|
||||||
|
|
||||||
- Any Method A device running Android 10+ will automatically be using Method C
|
- Any Method A device running Android 10+ will automatically be using Method C
|
||||||
- **Method B devices are stuck with Method B**, maybe only with the exception of Pixel 3 and 3a, which Google retrofitted the device to adapt the new method.
|
- **Method B devices are stuck with Method B**, with the only exception being Pixel 3 and 3a, which Google retrofitted the device to adapt the new method.
|
||||||
|
|
||||||
SAR is a very important part of [Project Treble](https://source.android.com/devices/architecture#hidl) as rootdir should be tied to the platform. This is also the reason why Method B and C comes with `(LV >= ver)` criterion as Google has enforced all OEMs to comply with updated requirements every year.
|
SAR is a very important part of [Project Treble](https://source.android.com/devices/architecture#hidl) as rootdir should be tied to the platform. This is also the reason why Method B and C comes with `(LV >= ver)` criterion as Google has enforced all OEMs to comply with updated requirements every year.
|
||||||
|
|
||||||
@ -57,7 +57,9 @@ When Google released the first generation Pixel, it also introduced [A/B (Seamle
|
|||||||
|
|
||||||
Let's go back in time when Google is first designing A/B. If using SAR (only Boot Method B exists at that time), the kernel doesn't need `initramfs` to boot Android (because rootdir is in `system`). This mean we can be smart and just stuff the recovery ramdisk (containing the minimalist Linux environment) into `boot`, remove `recovery`, and let the kernel pick whichever rootdir to use (ramdisk or `system`) based on information from the bootloader.
|
Let's go back in time when Google is first designing A/B. If using SAR (only Boot Method B exists at that time), the kernel doesn't need `initramfs` to boot Android (because rootdir is in `system`). This mean we can be smart and just stuff the recovery ramdisk (containing the minimalist Linux environment) into `boot`, remove `recovery`, and let the kernel pick whichever rootdir to use (ramdisk or `system`) based on information from the bootloader.
|
||||||
|
|
||||||
As time passed from Android 7.1 to Android 10, Google introduced [Dynamic Partitions](https://source.android.com/devices/tech/ota/dynamic_partitions/implement). This is bad news for SAR, because the Linux kernel cannot understand this new partition format, thus unable to directly use `system` as rootdir. This is when they came up with Boot Method C: always boot into `initramfs`, and let userspace handle the rest of booting.
|
As time passed from Android 7.1 to Android 10, Google introduced [Dynamic Partitions](https://source.android.com/devices/tech/ota/dynamic_partitions/implement). This is bad news for SAR, because the Linux kernel cannot directly understand this new partition format, thus unable to directly mount `system` as rootdir. This is when they came up with Boot Method C: always boot into `initramfs`, and let userspace handle the rest of booting. This includes deciding whether to boot into Android or recovery, or as they officially call: `USES_RECOVERY_AS_BOOT`.
|
||||||
|
|
||||||
|
Some modern devices using A/B with 2SI also comes with `recovery_a/_b` partitions. This is officially supported with Google's standard. These devices will then only use the boot ramdisk to boot into Android as recovery is stored on a separate partition.
|
||||||
|
|
||||||
## Piecing Things Together
|
## Piecing Things Together
|
||||||
|
|
||||||
@ -66,10 +68,9 @@ With all the knowledge above, now we can categorize all Android devices into the
|
|||||||
Type | Boot Method | Partition | 2SI | Ramdisk in `boot`
|
Type | Boot Method | Partition | 2SI | Ramdisk in `boot`
|
||||||
:---: | :---: | :---: | :---: | :---:
|
:---: | :---: | :---: | :---: | :---:
|
||||||
**I** | A | A-only | No | `boot` ramdisk
|
**I** | A | A-only | No | `boot` ramdisk
|
||||||
**II** | B | A/B | No | `recovery` ramdisk
|
**II** | B | A/B | Any | `recovery` ramdisk
|
||||||
**III** | B | A-only | No | ***N/A***
|
**III** | B | A-only | Any | ***N/A***
|
||||||
**IV** | C | Any | Yes | Hybrid ramdisk
|
**IV** | C | Any | Yes | Hybrid ramdisk
|
||||||
**II\* / III\*** | B | II / III | Yes | II / III
|
|
||||||
|
|
||||||
These types are ordered chronologically by the time they were first available.
|
These types are ordered chronologically by the time they were first available.
|
||||||
|
|
||||||
@ -77,8 +78,7 @@ These types are ordered chronologically by the time they were first available.
|
|||||||
- **Type II**: Legacy A/B devices. Pixel 1 is the first device of this type, being both the first A/B and SAR device
|
- **Type II**: Legacy A/B devices. Pixel 1 is the first device of this type, being both the first A/B and SAR device
|
||||||
- **Type III**: Late 2018 - 2019 devices that are A-only. **The worst type of device to ever exist as far as Magisk is concerned.**
|
- **Type III**: Late 2018 - 2019 devices that are A-only. **The worst type of device to ever exist as far as Magisk is concerned.**
|
||||||
- **Type IV**: All devices using Boot Method C are Type IV. A/B Type IV ramdisk can boot into either Android or recovery based on info from bootloader; A-only Type IV ramdisk can only boot into Android.
|
- **Type IV**: All devices using Boot Method C are Type IV. A/B Type IV ramdisk can boot into either Android or recovery based on info from bootloader; A-only Type IV ramdisk can only boot into Android.
|
||||||
- **Type \***: Type II* and III* are Boot Method B devices running on Android 10+ (2SI). **They are NOT new device types**. In Magisk the code treat them drastically different due to complicated reasons, hence mentioning them here.
|
|
||||||
|
|
||||||
Further details on Type III devices: Magisk is always installed in the ramdisk of a boot image. For all other device types, because their `boot` partition have ramdisk included, Magisk can be easily installed by patching boot image through Magisk Manager or flash zip in custom recovery. However for Type III devices, they are **limited to install Magisk into the `recovery` partition**. Magisk will not function when booted normally; instead Type III device owners have to always reboot to recovery to maintain Magisk access.
|
Further details on Type III devices: Magisk is always installed in the ramdisk of a boot image. For all other device types, because their `boot` partition have ramdisk included, Magisk can be easily installed by patching boot image through Magisk Manager or flash zip in custom recovery. However for Type III devices, they are **limited to install Magisk into the `recovery` partition**. Magisk will not function when booted normally; instead Type III device owners have to always reboot to recovery to maintain Magisk access.
|
||||||
|
|
||||||
Some Type III devices' bootloader will still accept and provide `initramfs` manually added to `boot` image to the kernel (e.g. some Xiaomi phones), but many device don't (e.g. Samsung S10, Note 10). It solely depends on how the OEM implements its bootloader.
|
Some Type III devices' bootloader will still accept and provide `initramfs` that was manually added to the `boot` image to the kernel (e.g. some Xiaomi phones), but many device don't (e.g. Samsung S10, Note 10). It solely depends on how the OEM implements its bootloader.
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# Deployment
|
# Deployment
|
||||||
(Note: This is not a user tutorial for installing Magisk, this is an explaination of how Magisk can be installed, and a guide for developers to properly deploy Magisk in various different situations)
|
(Note: This is not a user tutorial for installing Magisk, this is an explanation of how Magisk can be installed, and a guide for developers to properly deploy Magisk in various different situations)
|
||||||
|
|
||||||
## Systemless
|
## Systemless
|
||||||
When a user flashes a Magisk zip in custom recoveries or have boot images patched in Magisk Manager, Magisk is installed in the systemless fashion. This is the only officially supported method to install Magisk on a device. The systemless method installs Magisk into a boot image's ramdisk CPIO, sometimes require additional patches to the kernel.
|
When a user flashes a Magisk zip in custom recoveries or have boot images patched in Magisk Manager, Magisk is installed in the systemless fashion. This is the only officially supported method to install Magisk on a device. The systemless method installs Magisk into a boot image's ramdisk CPIO, sometimes require additional patches to the kernel.
|
||||||
|
@ -1,43 +1,54 @@
|
|||||||
# Internal Details
|
# Internal Details
|
||||||
|
|
||||||
## File Structure
|
## File Structure
|
||||||
### Paths in "sbin tmpfs overlay"
|
|
||||||
One of Magisk's breakthrough designs is sbin tmpfs overlay. It is required to support system-as-root devices, and also is the key to hiding Magisk from detection. All Magisk binaries, applets, mirrors, and other trivial stuffs are all located in the `tmpfs` mounted on `/sbin`. MagiskHide can just simply unmount `/sbin` and the bind mounts to hide all modifications easily.
|
### Paths in "Magisk tmpfs directory"
|
||||||
|
|
||||||
|
Magisk will mount a `tmpfs` directory to store some temporary data. For devices with the `/sbin` folder, it will be chosen as it will also act as an overlay to inject binaries into `PATH`. From Android 11 onwards, the `/sbin` folder might not exist, so Magisk will randomly create a folder under `/dev` and use it as the base folder.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
# In order to get the current base folder Magisk is using,
|
||||||
|
# use the command `magisk --path`.
|
||||||
# Binaries like magisk, magiskinit, and all symlinks to
|
# Binaries like magisk, magiskinit, and all symlinks to
|
||||||
# applets are directly stored in /sbin, so they
|
# applets are directly stored in this path. This means when
|
||||||
# are all in PATH for apps and shell to access them
|
# this is /sbin, these binaries will be directly in PATH.
|
||||||
|
MAGISKPATH=$(magisk --path)
|
||||||
|
|
||||||
# Magisk internal stuffs
|
# Magisk internal stuffs
|
||||||
MAGISKTMP=/sbin/.magisk
|
MAGISKTMP=$MAGISKBASE/.magisk
|
||||||
|
|
||||||
# Magisk BusyBox path
|
# Magisk's BusyBox directory. Within this folder stores
|
||||||
BBPATH=$MAGISKTMP/busybox
|
# the busybox binary and symlinks to all of its applets.
|
||||||
|
# Any usage of this directory is deprecated, please
|
||||||
|
# directly call /data/adb/magisk/busybox and use
|
||||||
|
# BusyBox's ASH Standalone mode.
|
||||||
|
# The creation of this path will be removed in the future.
|
||||||
|
$MAGISKTMP/busybox
|
||||||
|
|
||||||
# /data/adb/modules will be bind mounted here
|
# /data/adb/modules will be bind mounted here.
|
||||||
|
# The original folder is not used due to nosuid mount flag.
|
||||||
$MAGISKTMP/modules
|
$MAGISKTMP/modules
|
||||||
|
|
||||||
# The configuration used in last installation
|
# The current Magisk installation config
|
||||||
$MAGISKTMP/config
|
$MAGISKTMP/config
|
||||||
|
|
||||||
# Partition mirrors.
|
# Partition mirrors
|
||||||
# There would be system, vendor, data, and possibly product
|
# Each directory in this path will be mounted with the
|
||||||
# in this directory, each is the mirror to the name of the partition
|
# partition of its directory name.
|
||||||
|
# e.g. system, system_ext, vendor, data ...
|
||||||
$MAGISKTMP/mirror
|
$MAGISKTMP/mirror
|
||||||
|
|
||||||
|
# Block devices Magisk creates internally to mount mirrors.
|
||||||
|
$MAGISKTMP/block
|
||||||
|
|
||||||
# Root directory patch files
|
# Root directory patch files
|
||||||
# On system-as-root devices, / is not writable.
|
# On system-as-root devices, / is not writable.
|
||||||
# All patched files are stored here and bind mounted at boot.
|
# All pre-init patched files are stored here and bind mounted.
|
||||||
$MAGISKTMP/rootdir
|
$MAGISKTMP/rootdir
|
||||||
|
|
||||||
# The patched sepolicy file on system-as-root devices.
|
|
||||||
# This is required as /sepolicy does not exist
|
|
||||||
# on those devices and / is not writable.
|
|
||||||
/sbin/.se
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
### Paths in `/data`
|
### Paths in `/data`
|
||||||
|
|
||||||
Some binaries and files should be stored on non-volatile storages in `/data`. In order to prevent detection, everything has to be stored somewhere safe and undetectable in `/data`. The folder `/data/adb` was chosen because of the following advantages:
|
Some binaries and files should be stored on non-volatile storages in `/data`. In order to prevent detection, everything has to be stored somewhere safe and undetectable in `/data`. The folder `/data/adb` was chosen because of the following advantages:
|
||||||
|
|
||||||
- It is an existing folder on modern Android, so it cannot be used as an indication of the existence of Magisk.
|
- It is an existing folder on modern Android, so it cannot be used as an indication of the existence of Magisk.
|
||||||
@ -66,31 +77,36 @@ $SECURE_DIR/modules_update
|
|||||||
# Database storing settings and root permissions
|
# Database storing settings and root permissions
|
||||||
MAGISKDB=$SECURE_DIR/magisk.db
|
MAGISKDB=$SECURE_DIR/magisk.db
|
||||||
|
|
||||||
# All magisk related binaries, containing busybox,
|
# All magisk related binaries, including busybox,
|
||||||
# scripts, and magisk binaries. Used in supporting
|
# scripts, and magisk binaries. Used in supporting
|
||||||
# module installation, addon.d, Magisk Manager etc.
|
# module installation, addon.d, Magisk Manager etc.
|
||||||
# This folder will be bind mounted to $BINMIRROR
|
|
||||||
DATABIN=$SECURE_DIR/magisk
|
DATABIN=$SECURE_DIR/magisk
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
## Magisk Booting Process
|
## Magisk Booting Process
|
||||||
|
|
||||||
### Pre-Init
|
### Pre-Init
|
||||||
|
|
||||||
`magiskinit` will replace `init` as the first program to run.
|
`magiskinit` will replace `init` as the first program to run.
|
||||||
|
|
||||||
- Early mount required partitions. On system-as-root devices, we will switch root to system
|
- Early mount required partitions. On legacy system-as-root devices, we switch root to system; on 2SI devices, we patch fstab and execute the original `init` to mount partitions for us.
|
||||||
- Inject magisk services into `init.rc`
|
|
||||||
- Load sepolicy either from `/sepolicy`, precompiled sepolicy in vendor, or compile split sepolicy
|
- Load sepolicy either from `/sepolicy`, precompiled sepolicy in vendor, or compile split sepolicy
|
||||||
- Patch sepolicy rules and dump to `/sepolicy` or `/sbin/.se` and patch `init` or `libselinux.so` to load the patched policies
|
- Patch sepolicy rules and dump to `/sepolicy` or `/sbin/.se` or `/dev/.se`
|
||||||
- Execute the original `init` to start the ordinary boot process
|
- Patch `init` or `libselinux.so` to force the system to load the patched policies
|
||||||
|
- Inject magisk services into `init.rc`
|
||||||
|
- Execute the original `init` to continue the boot process
|
||||||
|
|
||||||
### post-fs-data
|
### post-fs-data
|
||||||
This triggers on `post-fs-data` when `/data` is properly decrypted (if required) and mounted. The daemon `magiskd` will be launched, post-fs-data scripts are executed, and module files are magic mounted.
|
|
||||||
|
This triggers on `post-fs-data` when `/data` is decrypted and mounted. The daemon `magiskd` will be launched, post-fs-data scripts are executed, and module files are magic mounted.
|
||||||
|
|
||||||
### late_start
|
### late_start
|
||||||
Later in the booting process, the class `late_start` will be triggered, and Magisk "service" mode will be started. In this mode, service scripts are executed, and it will try to install Magisk Manager if it doesn't exist.
|
|
||||||
|
Later in the booting process, the class `late_start` will be triggered, and Magisk "service" mode will be started. In this mode, service scripts are executed.
|
||||||
|
|
||||||
## Resetprop
|
## Resetprop
|
||||||
|
|
||||||
Usually, system properties are designed to only be updated by `init` and read-only to non-root processes. With root you can change properties by sending requests to `property_service` (hosted by `init`) using commands such as `setprop`, but changing read-only props (props that start with `ro.` like `ro.build.product`) and deleting properties are still prohibited.
|
Usually, system properties are designed to only be updated by `init` and read-only to non-root processes. With root you can change properties by sending requests to `property_service` (hosted by `init`) using commands such as `setprop`, but changing read-only props (props that start with `ro.` like `ro.build.product`) and deleting properties are still prohibited.
|
||||||
|
|
||||||
`resetprop` is implemented by distilling out the source code related to system properties from AOSP and patched to allow direct modification to property area, or `prop_area`, bypassing the need to go through `property_service`. Since we are bypassing `property_service`, there are a few caveats:
|
`resetprop` is implemented by distilling out the source code related to system properties from AOSP and patched to allow direct modification to property area, or `prop_area`, bypassing the need to go through `property_service`. Since we are bypassing `property_service`, there are a few caveats:
|
||||||
@ -99,16 +115,21 @@ Usually, system properties are designed to only be updated by `init` and read-on
|
|||||||
- persist properties (props that starts with `persist.`, like `persist.sys.usb.config`) are stored in both `prop_area` and `/data/property`. By default, deleting props will **NOT** remove it from persistent storage, meaning the property will be restored after the next reboot; reading props will **NOT** read from persistent storage, as this is the behavior of `getprop`. With the flag `-p`, deleting props will remove the prop in **BOTH** `prop_area` and `/data/property`, and reading props will be read from **BOTH** `prop_area` and persistent storage.
|
- persist properties (props that starts with `persist.`, like `persist.sys.usb.config`) are stored in both `prop_area` and `/data/property`. By default, deleting props will **NOT** remove it from persistent storage, meaning the property will be restored after the next reboot; reading props will **NOT** read from persistent storage, as this is the behavior of `getprop`. With the flag `-p`, deleting props will remove the prop in **BOTH** `prop_area` and `/data/property`, and reading props will be read from **BOTH** `prop_area` and persistent storage.
|
||||||
|
|
||||||
## Magic Mount
|
## Magic Mount
|
||||||
I will skip the details in the actual implementation and algorithm of Magic Mount, but you can always directly dive into the source code if interested. (`bootstages.cpp`)
|
|
||||||
|
|
||||||
Even though the mounting logic is pretty complicated, the final result of Magic Mount is actually pretty simple. For each module, the folder `$MODPATH/system` will be recursively merged into the real `/system`; that is: existing files in the real system will be replaced by the one in modules' system, and new files in modules' system will be added to the real system.
|
The details of the actual implementation and algorithm of Magic Mount is omitted here, please directly dive into the source code if interested (`core/module.cpp`).
|
||||||
|
|
||||||
|
Even though the mounting logic is very complicated, the final result of Magic Mount is actually pretty simple. For each module, the folder `$MODPATH/system` will be recursively merged into the real `/system`; that is: existing files in the real system will be replaced by the one in modules' system, and new files in modules' system will be added to the real system.
|
||||||
|
|
||||||
There is one additional trick you can use: if you place an empty file named `.replace` in any of the folders in a module's system, instead of merging the contents, that folder will directly replace the one in the real system. This will be very handy in some cases, for example swapping out a system app.
|
There is one additional trick you can use: if you place an empty file named `.replace` in any of the folders in a module's system, instead of merging the contents, that folder will directly replace the one in the real system. This will be very handy in some cases, for example swapping out a system app.
|
||||||
|
|
||||||
If you want to replace files in `/vendor` or `/product`, please place them under `$MODPATH/system/vendor` or `$MODPATH/system/product`. Magisk will transparently handle both cases, whether vendor or product is a separate partition or not.
|
If you want to replace files in `/vendor` or `/product`, please place them under `$MODPATH/system/vendor` or `$MODPATH/system/product`. Magisk will transparently handle both cases, whether vendor or product is a separate partition or not.
|
||||||
|
|
||||||
## Miscellaneous
|
## SELinux Policies
|
||||||
Here are some tidbits in Magisk but unable to be categorized into any sections:
|
|
||||||
|
|
||||||
- Socket name randomization: when you call `su`, `magiskhide`, and some commands in `magisk`, it connects to the magisk daemon `magiskd` running in the background. The connections are established through an abstract Unix socket. Any process can go through all active Unix sockets and see if the specifc name used by Magisk is in the list to determine whether `magiskd` is running. Starting from v15.4, the abstract name used in `magiskd` and `magisklogd` are randomized by `magiskinit` on each boot.
|
Magisk will patch the stock `sepolicy` to make sure root and Magisk operations can be done in a safe and secure way. The new domain `magisk` is effectively permissive, which is what `magiskd` and all root shell will run in. `magisk_file` is a new file type that is setup to be allowed to be accessed by every domain (unrestricted file context).
|
||||||
- Sevice name randomization: each service started up by `init` will be recorded. Some apps will detect the name of magisk boot services to determine whether Magisk is installed. Starting from v17.2, the service name assigned in `init.magisk.rc` is randomized by `magiskinit`.
|
|
||||||
|
Before Android 8.0, all allowed su client domains are allowed to directly connect to `magiskd` and establish connection with the daemon to get a remote root shell. Magisk also have to relax some `ioctl` operations so root shells can function properly.
|
||||||
|
|
||||||
|
After Android 8.0, to reduce relaxation of rules in Android's sandbox, a new SELinux model is deployed. The `magisk` binary is labelled with `magisk_exec` file type, and processes running as allowed su client domains executing the `magisk` binary (this includes the `su` command) will transit to `magisk_client` by using a `type_transition` rule. Rules strictly restrict that only `magisk` domain processes are allowed to attribute files to `magisk_exec`. Direct connection to sockets of `magiskd` are not allowed; the only way to access the daemon is through a `magisk_client` process. These changes allow us to keep the sandbox intact, and keep Magisk specific rules separated from the rest of the policies.
|
||||||
|
|
||||||
|
The full set of rules can be found in `magiskpolicy/rules.cpp`.
|
||||||
|
11
docs/faq.md
Normal file
11
docs/faq.md
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
# Frequently Asked Questions
|
||||||
|
|
||||||
|
### Q: Why is X app detecting root?
|
||||||
|
|
||||||
|
Manually enable MagiskHide in settings (MagiskHide is no longer enabled by default). Also, there are known methods to detect Magisk, so your mileage may vary.
|
||||||
|
|
||||||
|
### Q: I installed a module and it bootlooped my device. Help!
|
||||||
|
|
||||||
|
If you have USB debugging enabled in developer options, connect your phone to the PC. If your device is detected (check by `adb devices`), enter ADB shell and run the command `magisk --remove-modules`. This will remove all your modules and automatically reboot the device.
|
||||||
|
|
||||||
|
If unfortunately you do not have USB debugging enabled, reboot into Safe Mode. Most modern Android devices support pressing a special key combo at boot to enter Safe Mode as an emergency option. Magisk will detect Safe Mode being activated, and all modules will be disabled. Then reboot back to normal mode (the module disable state persists) and manage your modules through Magisk Manager.
|
@ -1,5 +1,18 @@
|
|||||||
# Developer Guides
|
# Developer Guides
|
||||||
|
|
||||||
|
## BusyBox
|
||||||
|
Magisk ships with a feature complete BusyBox binary (including full SELinux support). The executable is located at `/data/adb/magisk/busybox`. Magisk's BusyBox supports runtime toggle-able "ASH Standalone Shell Mode". What this standalone mode means is that when running in the `ash` shell of BusyBox, every single command will directly use the applet within BusyBox, regardless of what is set as `PATH`. For example, commands like `ls`, `rm`, `chmod` will **NOT** use what is in `PATH` (in the case of Android by default it will be `/system/bin/ls`, `/system/bin/rm`, and `/system/bin/chmod` respectively), but will instead directly call internal BusyBox applets. This makes sure that scripts always run in a predictable environment and always have the full suite of commands no matter which Android version it is running on. To force a command *not* to use BusyBox, you have to call the executable with full paths.
|
||||||
|
|
||||||
|
Every single shell script running in the context of Magisk will be executed in BusyBox's `ash` shell with standalone mode enabled. For what is relevant to 3rd party developers, this includes all boot scripts and module installation scripts.
|
||||||
|
|
||||||
|
For those who want to use this "Standalone Mode" feature outside of Magisk, there are 2 ways to enable it:
|
||||||
|
|
||||||
|
1. Set environment variable `ASH_STANDALONE` to `1`<br>Example: `ASH_STANDALONE=1 /data/adb/magisk/busybox sh <script>`
|
||||||
|
2. Toggle with command-line options:<br>`/data/adb/magisk/busybox sh -o standalone <script>`
|
||||||
|
|
||||||
|
To make sure all subsequent `sh` shell executed also runs in standalone mode, option 1 is the preferred method (and this is what Magisk and Magisk Manager internally uses) as environment variables are inherited down to child processes.
|
||||||
|
|
||||||
|
|
||||||
## Magisk Modules
|
## Magisk Modules
|
||||||
A Magisk module is a folder placed in `/data/adb/modules` with the structure below:
|
A Magisk module is a folder placed in `/data/adb/modules` with the structure below:
|
||||||
|
|
||||||
@ -111,7 +124,7 @@ module.zip
|
|||||||
│ This script will be sourced by update-binary
|
│ This script will be sourced by update-binary
|
||||||
├── ...
|
├── ...
|
||||||
├── ... /* The rest of module's files */
|
├── ... /* The rest of module's files */
|
||||||
|
|
│
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Customization
|
#### Customization
|
||||||
@ -122,7 +135,7 @@ If you need even more customization and prefer to do everything on your own, dec
|
|||||||
|
|
||||||
#### `customize.sh` Environment
|
#### `customize.sh` Environment
|
||||||
|
|
||||||
Magisk's internal busybox's path `$BBPATH` is added in the front of `PATH`. The following variables and shell functions are available for convenience:
|
This script will run in Magisk's BusyBox `ash` shell with "Standalone Mode" enabled. The following variables and shell functions are available for convenience:
|
||||||
|
|
||||||
##### Variables
|
##### Variables
|
||||||
- `MAGISK_VER` (string): the version string of current installed Magisk (e.g. `v20.0`)
|
- `MAGISK_VER` (string): the version string of current installed Magisk (e.g. `v20.0`)
|
||||||
@ -215,25 +228,61 @@ In Magisk, there are also 2 kinds of scripts: **general scripts** and **module s
|
|||||||
- Placed in `/data/adb/post-fs-data.d` or `/data/adb/service.d`
|
- Placed in `/data/adb/post-fs-data.d` or `/data/adb/service.d`
|
||||||
- Only executed if the script is executable (execution permissions, `chmod +x script.sh`)
|
- Only executed if the script is executable (execution permissions, `chmod +x script.sh`)
|
||||||
- Scripts in `post-fs-data.d` runs in post-fs-data mode, and scripts in `service.d` runs in late_start service mode.
|
- Scripts in `post-fs-data.d` runs in post-fs-data mode, and scripts in `service.d` runs in late_start service mode.
|
||||||
- Will still be executed when **Core-Only** mode is enabled.
|
|
||||||
- Modules should **NOT** add general scripts since it violates encapsulation
|
- Modules should **NOT** add general scripts since it violates encapsulation
|
||||||
- Module Scripts
|
- Module Scripts
|
||||||
- Placed in the folder of the module
|
- Placed in the folder of the module
|
||||||
- Only executed if the module is enabled
|
- Only executed if the module is enabled
|
||||||
- `post-fs-data.sh` runs in post-fs-data mode, and `service.sh` runs in late_start service mode.
|
- `post-fs-data.sh` runs in post-fs-data mode, and `service.sh` runs in late_start service mode.
|
||||||
- Will NOT be executed when **Core-Only** mode is enabled (all modules are disabled)
|
|
||||||
- Modules require boot scripts should **ONLY** use module scripts instead of general scripts
|
- Modules require boot scripts should **ONLY** use module scripts instead of general scripts
|
||||||
|
|
||||||
Magisk's internal busybox's path `$BBPATH` is added in the front of `PATH`. This means all commands you call in scripts are always using busybox unless the applet is not included. This makes sure that your script always run in a predictable environment and always have the full suite of commands regardless of which Android version it is running on.
|
These scripts will run in Magisk's BusyBox `ash` shell with "Standalone Mode" enabled.
|
||||||
|
|
||||||
## Root Directory Overlay System
|
## Root Directory Overlay System
|
||||||
|
|
||||||
Since `/` is read-only in system-as-root devices, Magisk provides an overlay system, allowing developers to patch files / add new rc scripts. Additional files shall be placed in the `overlay.d` folder in the ramdisk, and they will have the following restrictions:
|
Since `/` is read-only on system-as-root devices, Magisk provides an overlay system to enable developers to replace files in rootdir or add new `*.rc` scripts. This feature is designed mostly for custom kernel developers.
|
||||||
|
|
||||||
- All `*.rc` files in `overlay.d` will be read and concatenated *AFTER* `init.rc`
|
Overlay files shall be placed in the `overlay.d` folder in boot image ramdisk, and they follow these rules:
|
||||||
- Replacing existing files are allowed.<br>
|
|
||||||
e.g. you can replace `/res/random.png` by adding the file `overlay.d/res/random.png`
|
1. All `*.rc` files in `overlay.d` will be read and concatenated **AFTER** `init.rc`
|
||||||
- Non-existing files will be ignored (with exceptions detailed in the next point).<br>
|
2. Existing files can be replaced by files located at the same relative path
|
||||||
e.g. `overlay.d/new_file` will be ignored if `/new_file` does not exist
|
3. Files that correspond to a non-existing file will be ignored
|
||||||
- Additional files in `overlay.d/sbin` is allowed as they will be copied into Magisk's sbin overlay.<br>
|
|
||||||
e.g. `overlay.d/sbin/libfoo.ko` will be copied to `/sbin/libfoo.ko`.
|
In order to have additional files which you want to reference in your custom `*.rc` scripts, add them in `overlay.d/sbin`. The 3 rules above does not apply to everything in this specific folder, as they will directly be copied to Magisk's internal `tmpfs` directory (which used to always be located at `/sbin`).
|
||||||
|
|
||||||
|
Due to changes in Android 11, the `/sbin` folder is no longer guaranteed to exist. In that case, Magisk randomly generates the `tmpfs` folder. Every occurrence of the pattern `${MAGISKTMP}` in your `*.rc` scripts will be replaced with the Magisk `tmpfs` folder when `magiskinit` injects it into `init.rc`. This also works on pre Android 11 devices as `${MAGISKTMP}` will simply be replaced with `/sbin` in this case, so the best practice is to **NEVER** hardcode `/sbin` in your `*.rc` scripts when referencing additional files.
|
||||||
|
|
||||||
|
Here is an example of how to setup `overlay.d` with custom `*.rc` script:
|
||||||
|
|
||||||
|
```
|
||||||
|
ramdisk
|
||||||
|
│
|
||||||
|
├── overlay.d
|
||||||
|
│ ├── sbin
|
||||||
|
│ │ ├── libfoo.ko <--- These 2 files will be copied
|
||||||
|
│ │ └── myscript.sh <--- to Magisk's tmpfs directory
|
||||||
|
│ ├── custom.rc <--- This file will be injected into init.rc
|
||||||
|
│ ├── res
|
||||||
|
│ │ └── random.png <--- This file will replace /res/random.png
|
||||||
|
│ └── new_file <--- This file will be ignored because
|
||||||
|
│ /new_file does not exist
|
||||||
|
├── res
|
||||||
|
│ └── random.png <--- This file will be replaced by
|
||||||
|
│ /overlay.d/res/random.png
|
||||||
|
├── ...
|
||||||
|
├── ... /* The rest of initramfs files */
|
||||||
|
│
|
||||||
|
```
|
||||||
|
|
||||||
|
Here is an example of the `custom.rc`:
|
||||||
|
|
||||||
|
```
|
||||||
|
# Use ${MAGISKTMP} to refer to Magisk's tmpfs directory
|
||||||
|
|
||||||
|
on early-init
|
||||||
|
setprop sys.example.foo bar
|
||||||
|
insmod ${MAGISKTMP}/libfoo.ko
|
||||||
|
start myservice
|
||||||
|
|
||||||
|
service myservice ${MAGISKTMP}/myscript.sh
|
||||||
|
oneshot
|
||||||
|
```
|
||||||
|
BIN
docs/images/device_info.png
Normal file
BIN
docs/images/device_info.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 145 KiB |
204
docs/install.md
204
docs/install.md
@ -1,147 +1,139 @@
|
|||||||
# Installation
|
# Installation
|
||||||
If you already have Magisk installed, it is **strongly recommended to upgrade directly via Magisk Manager**. The following tutorial is for first time users.
|
|
||||||
|
If you already have Magisk installed, it is **strongly recommended** to upgrade directly via Magisk Manager using the "Direct Install" method. The following tutorial is only for initial installation.
|
||||||
|
|
||||||
## Getting Started
|
## Getting Started
|
||||||
- If you are using a Huawei device running **EMUI 8 and higher**, please check [its section](#huawei).
|
|
||||||
- If you are using a Samsung device that is **launched with Android 9.0** (new devices in 2019), please check [its section](#samsung-system-as-root).
|
|
||||||
|
|
||||||
Otherwise, follow the instructions in [Knowing Your Device](#knowing-your-device), and choose the right steps
|
Before you start:
|
||||||
|
|
||||||
- If your device is **NOT** A/B, but **IS** using system-as-root, then you will have to install Magisk to the recovery partition of your device. Follow the instructions in [Boot Image Patching](#boot-image-patching), but instead of using your boot image, use your recovery image. **Read through the [Magisk in Recovery](#magisk-in-recovery) section!**
|
- This tutorial assumes you understand how to use `adb` and `fastboot`
|
||||||
- Otherwise, you can either follow the instructions in [Custom Recovery](#custom-recovery) (if your device has custom recovery available) or [Boot Image Patching](#boot-image-patching).
|
- Your device's bootloader has to be unlocked
|
||||||
|
- Make sure to remove any "boot image mods" such as other root solutions before installing Magisk. The easiest way is to restore the boot image with factory images, or reflash a *non-prerooted* custom ROM
|
||||||
|
- If you plan to also install custom kernels, install it after Magisk
|
||||||
|
|
||||||
Other notes:
|
---
|
||||||
|
|
||||||
- If you plan to install custom kernels, flash the zip **AFTER** installing Magisk
|
Download and install the latest Magisk Manager. We use the app to gather some information about your device. In the home screen, you should see this:
|
||||||
- Make sure to remove any 'boot image mods' such as other root solutions. The easiest way is to restore the boot image from factory images, or reflash a *non-prerooted* custom ROM
|
|
||||||
|
|
||||||
### Knowing Your Device
|
<p align="center"><img src="images/device_info.png" width="500"/></p>
|
||||||
If your device is running anything older than Android 7.1, skip this section as your device will not be using A/B nor system-as-root.
|
|
||||||
|
|
||||||
First, you need to know whether your device is using [A/B partitions](https://source.android.com/devices/tech/ota/ab). If you don't know, use a terminal (adb shell or any terminal emulator) to check with this command:
|
Pay special attention to the **Ramdisk** info. If the result is **Yes**, congratulations, your device is perfect for installing Magisk! However, if the result is **No**, this means your device's boot partition does **NOT** include ramdisk, and unfortunately you would have to go through some hoops to make Magisk work properly.
|
||||||
```
|
|
||||||
getprop ro.build.ab_update
|
|
||||||
```
|
|
||||||
If the result is `true`, then your device is using A/B partitions.
|
|
||||||
|
|
||||||
If your device is A/B, then your device is also certainly using [system-as-root](https://source.android.com/devices/bootloader/system-as-root). To find out whether you are using system-as-root on a non-A/B device, use a terminal to check with this command:
|
> **If your device does not have boot ramdisk, read the [Magisk in Recovery](#magisk-in-recovery) section after installing. The information in that section is VERY important!**
|
||||||
```
|
|
||||||
getprop ro.build.system_root_image
|
|
||||||
```
|
|
||||||
If the result is `true`, then your device is using system-as-root.
|
|
||||||
|
|
||||||
(P.S. If you are interested more regarding system-as-root, please check [this Twitter thread](https://twitter.com/topjohnwu/status/1174392824625676288))
|
If you are using a Samsung device and the **SAR** result is **Yes**, please check [its own section](#samsung-system-as-root).
|
||||||
|
|
||||||
|
If you are using a Huawei device and the **SAR** result is **Yes**, please check [its own section](#huawei).
|
||||||
|
|
||||||
|
Otherwise, continue to [Patching Images](#patching-images).
|
||||||
|
|
||||||
|
(P.S.1 If your device have boot ramdisk, you can also install with [Custom Recovery](#custom-recovery))<br>
|
||||||
|
(P.S.2 If you are interested in how Android boots and how it affects Magisk, check out [this document](#boot.md))
|
||||||
|
|
||||||
|
## Patching Images
|
||||||
|
|
||||||
|
If your device have boot ramdisk, you need a copy of the `boot.img`<br>
|
||||||
|
If your device does **NOT** have boot ramdisk, you need a copy of the `recovery.img`
|
||||||
|
|
||||||
|
You should be able to extract either of them from official firmware packages, your custom ROM zip (if using one), or go to [XDA-Developers](https://forum.xda-developers.com/) and seek for resources, guides, discussions, or ask for help in your device's forum.
|
||||||
|
|
||||||
|
- Copy the boot/recovery image to your device
|
||||||
|
- Press the **Install** button in the Magisk card
|
||||||
|
- If you are patching a recovery image, make sure **"Recovery Mode"** is checked in options.<br>In most cases it should already be automatically checked.
|
||||||
|
- Choose **"Select and Patch a File"** in method, and select the stock boot/recovery image
|
||||||
|
- Magisk Manager will patch the image to `[Internal Storage]/Download/magisk_patched.img`.
|
||||||
|
- Copy the patched image to your PC with ADB:<br>
|
||||||
|
`adb pull /sdcard/Download/magisk_patched.img`
|
||||||
|
- Flash the patched boot/recovery image to your device.<br>
|
||||||
|
For most devices, reboot into fastboot mode and flash with command:<br>
|
||||||
|
`fastboot flash boot /path/to/magisk_patched.img` or <br>
|
||||||
|
`fastboot flash recovery /path/to/magisk_patched.img` if flashing a recovery image
|
||||||
|
- Reboot and voila!
|
||||||
|
|
||||||
## Custom Recovery
|
## Custom Recovery
|
||||||
If your device has custom recovery support, the easiest way is to install it through custom recoveries, such as TWRP.
|
|
||||||
|
In some custom recoveries of modern devices, the installer scripts either cannot properly detect the correct device info, or the recovery environment does not meet its expectation, causing the installation to fail (or looks like success but actually bootloops). If you face any issues, use the [Patch Image](#patching-images) method as it is guaranteed to work 100% of the time. Due to this reason, we no longer recommend installing Magisk through custom recoveries on modern devices. The custom recovery installation method exists mostly for legacy support.
|
||||||
|
|
||||||
- Download the Magisk installer zip
|
- Download the Magisk installer zip
|
||||||
- Reboot to custom recovery
|
- Reboot to custom recovery
|
||||||
- Flash the zip and reboot
|
- Flash the zip and reboot
|
||||||
- Check whether Magisk Manager is installed. If for some reason it isn't installed automatically, manually install the APK
|
- Check whether Magisk Manager is installed. If it isn't installed automatically, manually install the APK.
|
||||||
|
|
||||||
## Boot Image Patching
|
|
||||||
You would want to choose this method if either your device does not have custom recoveries, your device is A/B and you don't want to mix recovery and boot images, or your device is using system-as-root without A/B partitions.
|
|
||||||
|
|
||||||
To use this method, you are required to obtain a copy of the stock boot/recovery image, which can be found by extracting OEM provided factory images or extracting from OTA update zips. If you are unable to obtain one yourself, you might be able to find it somewhere on the internet. The following instructions will guide you through the process after you have the copy of boot/recovery image.
|
|
||||||
|
|
||||||
- Copy the boot/recovery image to your device
|
|
||||||
- Download and install the latest Magisk Manager
|
|
||||||
- If you are patching a recovery image, **manually check "Recovery Mode" in Advanced Settings!**
|
|
||||||
- Press **Install → Install → Select and Patch a File**, and select your stock boot/recovery image file
|
|
||||||
- Magisk Manager will patch the image, and store it in `[Internal Storage]/Download/magisk_patched.img`
|
|
||||||
- Copy the patched image from your device to your PC. If you can't find it via MTP, you can pull the file with ADB: <br>
|
|
||||||
`adb pull /sdcard/Download/magisk_patched.img`
|
|
||||||
- Flash the patched boot/recovery image to your device and reboot. For most devices, here is the fastboot command: <br>
|
|
||||||
`fastboot flash boot /path/to/magisk_patched.img` or <br>
|
|
||||||
`fastboot flash recovery /path/to/magisk_patched.img` if you are patching a recovery image
|
|
||||||
|
|
||||||
## Magisk in Recovery
|
## Magisk in Recovery
|
||||||
Since some devices no longer use ramdisk in boot images, Magisk has no choice but to be installed in the recovery partition. For these devices, you will have to **boot to recovery every time** if you want Magisk. Since both Magisk and recovery lives in the same partition, what you actually end up getting when you choose to boot to recovery will be determined by **how long you press volume up**.
|
|
||||||
|
|
||||||
Each OEM and device has its own key combo to boot into recovery. For example on Samsung S10 it is **(Power + Bixby + Volume Up)**, and for Huawei it is **(Power + Volume Up)**. As soon as you press the combo and the device vibrates with a splash screen, the bootloader has already chosen which mode it is booting, either it be `boot`, `recovery`, or some OEM specific modes like `download`, `fastboot`, or `erecovery`. After the splash screen, release all buttons to boot into Magisk, since by default `recovery` mode will boot to the system with Magisk enabled. If you decide to boot to actual recovery, continue to press volume up until you see the recovery screen.
|
If your device does not have ramdisk in boot images, Magisk has no choice but to be installed in the recovery partition. For these devices, you will have to **reboot to recovery** every time you want Magisk.
|
||||||
|
|
||||||
**After installing Magisk in recovery:**
|
When Magisk is installed in your recovery, **you CANNOT use custom recoveries to install/upgrade Magisk!** The only way to install/upgrade Magisk is through Magisk Manager. The app will be aware of your device state and install to the correct partition and reboot into the correct mode.
|
||||||
- **(Powering up normally) → (System with NO Magisk)**
|
|
||||||
- **(OEM Recovery Key Combo) → (Splash screen) → (Release all buttons) → (System with Magisk)**
|
|
||||||
- **(OEM Recovery Key Combo) → (Splash screen) → (Keep pressing volume up) → (Actual recovery)**
|
|
||||||
|
|
||||||
Important Note: **You CANNOT use custom recoveries to install/upgrade Magisk!**
|
Since Magisk now hijacks the recovery of the device, there is a mechanism to let you *actually* boot into recovery mode when needed: it is determined by **how long you press volume up**.
|
||||||
|
|
||||||
|
Each device has its own key combo to boot into recovery, as an example for Galaxy S10 it is (Power + Bixby + Volume Up). A quick Google search should easily get you this info of your device. As soon as you press the combo and the device vibrates with a splash screen, release all buttons to boot into Magisk. If you decide to boot into actual recovery mode, continue to press volume up until you see the recovery screen.
|
||||||
|
|
||||||
|
**After installing Magisk in recovery (starting from power off):**
|
||||||
|
|
||||||
|
- **(Power up normally) → (System with NO Magisk)**
|
||||||
|
- **(Recovery Key Combo) → (Splash screen) → (Release all buttons) → (System with Magisk)**
|
||||||
|
- **(Recovery Key Combo) → (Splash screen) → (Keep pressing volume up) → (Recovery Mode)**
|
||||||
|
|
||||||
## Samsung (System-as-root)
|
## Samsung (System-as-root)
|
||||||
**If your device is NOT launched with Android 9.0 or higher (released after 2019), you are reading the wrong section.**
|
|
||||||
|
**If your device is NOT launched with Android 9.0 or higher, you are reading the wrong section.**
|
||||||
|
|
||||||
### Before Installing Magisk
|
### Before Installing Magisk
|
||||||
- Your device is non-A/B and uses system-as-root, so Magisk will be installed to the **recovery** partition of your device. **Please read the [Magisk in Recovery](#magisk-in-recovery) section!**
|
|
||||||
- Installing Magisk **WILL** trip KNOX
|
- Installing Magisk **WILL** trip KNOX
|
||||||
- Installing Magisk for the first time **REQUIRES** a full data wipe, backup before continue
|
- Installing Magisk for the first time **REQUIRES** a full data wipe (this is **NOT** counting the data wipe when unlocking bootloader). Backup your data before continue.
|
||||||
- You have to have your bootloader unlocked before following the instructions
|
|
||||||
|
|
||||||
### Unlocking Bootloader
|
### Unlocking Bootloader
|
||||||
Normally I wouldn't provide instructions for this, but since things had changed drastically from previous Samsung devices, and there are some caveats, I figure this would be helpful.
|
|
||||||
- Allow bootloader unlocking in Developer options → OEM unlocking
|
Unlocking BL on modern Samsung devices have some caveats, so I figure this would be helpful.
|
||||||
- Reboot your device to download mode. Either use `adb reboot download`, or use the key combo for your device.
|
|
||||||
|
- Allow bootloader unlocking in **Developer options → OEM unlocking**
|
||||||
|
- Reboot to download mode: reboot and press the download mode key combo for your device.
|
||||||
- Long press volume up to unlock the bootloader. **This will wipe your data and automatically reboot.**
|
- Long press volume up to unlock the bootloader. **This will wipe your data and automatically reboot.**
|
||||||
|
|
||||||
Just when you think the bootloader is unlocked, it is *actually* not! Samsung introduced `VaultKeeper`, meaning the bootloader will reject any unofficial partitions before `VaultKeeper` explicitly allows it.
|
If you think the bootloader is fully unlocked, it is actually not! Samsung introduced `VaultKeeper`, meaning the bootloader will still reject any unofficial partitions before `VaultKeeper` explicitly allows it.
|
||||||
|
|
||||||
- Go through the initial setup. Skip through all the steps since data will be wiped again later when we are installing Magisk. **Connect the device to internet in the setup!**
|
- Go through the initial setup. Skip through all the steps since data will be wiped again later when we are installing Magisk. **Connect the device to Internet during the setup.**
|
||||||
- Enable developer options, and **confirm that the OEM unlocking option exists and grayed out!** The `VaultKeeper` service will unleash the bootloader after it confirms that the user has the OEM unlocking option enabled.
|
- Enable developer options, and **confirm that the OEM unlocking option exists and is grayed out.** This means the `VaultKeeper` service has unleashed the bootloader.
|
||||||
- Your bootloader now accepts unofficial images in download mode.
|
- Your bootloader now accepts unofficial images in download mode.
|
||||||
|
|
||||||
### Instructions
|
### Instructions
|
||||||
1. Download the firmware for your device.
|
|
||||||
2. Unzip the firmware and copy the **AP** tar file to your device. It is normally named as `AP_[device_model_sw_ver].tar.md5`
|
|
||||||
3. Install the latest Magisk Manager
|
|
||||||
4. In Magisk Manager: **Install → Install → Select and Patch a File** and select the AP tar file.
|
|
||||||
5. Magisk Manager will patch the whole firmware file and store the output to
|
|
||||||
`[Internal Storage]/Download/magisk_patched.tar`
|
|
||||||
6. Copy the patched file to your PC with `adb pull /sdcard/Download/magisk_patched.tar`. Do not use MTP as it is reported to corrupt files.
|
|
||||||
7. Reboot to download mode, and flash `magisk_patched.tar` as AP in Odin, together with the BL, CP and HOME_CSC files. Never flash only an AP file, as Odin can shrink your `/data` file-system if you do.<br> **Important: Uncheck "Auto Reboot" in Options!**
|
|
||||||
8. Magisk is now successfully flashed to your device! But there are still several steps before you can properly use the device.
|
|
||||||
9. We now want to boot into the stock recovery to factory reset our device. <br>
|
|
||||||
**Full data wipe is mandatory! Do not skip this step.** <br>
|
|
||||||
Press *Power + Volume Down* to exit download mode. As soon as the screen turns off, immediately press the combo key to boot to recovery (e.g. on the S10 it is *Power + Bixby + Volume Up*). Since we want to boot into stock recovery, **continue pressing the volume up button until you see the stock recovery screen**.
|
|
||||||
10. Use volume buttons to navigate through the stock recovery menu, and the power button to select an option. Choose *Wipe data/factory reset* to wipe the data of the device.
|
|
||||||
11. This time, we can finally boot to the system with Magisk. Select *Reboot system now*, and immediately press the combo key to recovery. After seeing the bootloader warning screen, release all buttons so it can boot to the system.
|
|
||||||
12. The device will automatically reboot for the first time it boots. This is completely normal and done by design.
|
|
||||||
13. After the device is booted up, do the usual initial setup. **The following steps will need an internet connection.**
|
|
||||||
14. You shall see Magisk Manager in your app drawer; if not, manually install the APK you downloaded in step 3 and continue to the next step. The app would be a stub and it shall automatically upgrade to the full Magisk Manager when you open it.
|
|
||||||
15. Magisk Manager will ask to do additional setups. Let it do its job and the app will automatically reboot your device.
|
|
||||||
16. Voila! Enjoy Magisk :)
|
|
||||||
|
|
||||||
### Additional Info
|
- Use either [Frija](https://forum.xda-developers.com/s10-plus/how-to/tool-frija-samsung-firmware-downloader-t3910594) or [Samloader](https://forum.xda-developers.com/s10-plus/how-to/tool-samloader-samfirm-frija-replacement-t4105929) to download the latest firmware zip of your device directly from Samsung servers.
|
||||||
- Magisk actually patches 3 partitions on your device:
|
- Unzip the firmware and copy the `AP` tar file to your device. It is normally named as `AP_[device_model_sw_ver].tar.md5`
|
||||||
- `vbmeta`: replace with empty vbmeta image to disable partition verification
|
- Press the **Install** button in the Magisk card
|
||||||
- `boot`: remove the signature of the image to prevent soft bricks
|
- If your device does **NOT** have boot ramdisk, make sure **"Recovery Mode"** is checked in options.<br>In most cases it should already be automatically checked.
|
||||||
- `recovery`: this is where Magisk is actually installed
|
- Choose **"Select and Patch a File"** in method, and select the `AP` tar file
|
||||||
- **Never, ever** try to restore either of the 3 images mentioned back to stock! You can easily brick your device by doing so, and the only way out is to do full Odin restore following with factory reset. Just don't do it.
|
- Magisk Manager will patch the whole firmware file to `[Internal Storage]/Download/magisk_patched.tar`
|
||||||
- If you want to upgrade your device, **never** flash the stock **AP** tar file with the reasons mentioned above. **Always** pre-patch the firmware before flashing in Odin.
|
- Copy the patched tar file to your PC with ADB:<br>
|
||||||
- If you don't need to patch the full firmware, you can manually create a tar file with **at least** `vbmeta.img`, `boot.img`, and `recovery.img` to let Magisk Manager patch your images in the proper way.
|
`adb pull /sdcard/Download/magisk_patched.tar`<br>
|
||||||
|
Do **NOT** use MTP as it is reported to corrupt files.
|
||||||
|
- Reboot to download mode. Open Odin on your PC, and flash `magisk_patched.tar` as `AP`, together with `BL`, `CP`, and `CSC` (**NOT** `HOME_CSC` because we want to **wipe data**) from the original firmware.
|
||||||
|
- After Odin is done, your device should reboot. You may continue with standard initial setup.
|
||||||
|
- If your device does **NOT** have boot ramdisk, reboot to recovery now to boot Android with Magisk (reason stated in [Magisk in Recovery](#magisk-in-recovery)).
|
||||||
|
- Although Magisk is installed, it still need some additional setup. Please connect to the Internet.
|
||||||
|
- Install the latest Magisk Manager and open the app. It should show a dialog asking for additional setups. Let it do its job and the app will automatically reboot your device.
|
||||||
|
- Voila! Enjoy Magisk 😃
|
||||||
|
|
||||||
|
### Additional Notes
|
||||||
|
|
||||||
|
- **Never, ever** try to restore either `boot` or `recovery` partitions back to stock! You can easily brick your device by doing so, and the only way out is to do a full Odin restore with data wipe.
|
||||||
|
- To upgrade your device with a new firmware, **NEVER** directly use the stock `AP` tar file with reasons mentioned above. **Always** pre-patch `AP` in Magisk Manager before flashing in Odin.
|
||||||
|
- Use `HOME_CSC` to preserve your data when doing a firmware upgrade. Using `CSC` is only necessary for the initial installation.
|
||||||
|
- Never just flash only `AP`, or else Odin can shrink your `/data` filesystem. Flash full `AP` + `BL` + `CP` + `HOME_CSC` when upgrading.
|
||||||
|
|
||||||
## Huawei
|
## Huawei
|
||||||
Huawei devices using Kirin processors have a different partitioning method from most common devices. Magisk is usually installed to the `boot` partition of the device, however Huawei devices do not have this partition. Depending on what EMUI version your device is running, the instructions will be slightly different.
|
Magisk no longer officially support modern Huawei devices as the bootloader on their devices are not unlockable, and more importantly they do not follow standard Android partitioning schemes. The following are some general guidance for the few who managed to unlock their bootloader and really want to root it.
|
||||||
|
|
||||||
### Obtain Stock Images
|
Huawei devices using Kirin processors have a different partitioning method from most common devices. Magisk is usually installed to the `boot` partition of the device, however Huawei devices do not have this partition.
|
||||||
Huawei does not release official factory images, however most firmware zips can be downloaded from the [Huawei Firmware Database](http://pro-teammt.ru/firmware-database/). To extract images from `UPDATE.APP` in the zip, you have to use [Huawei Update Extractor](https://forum.xda-developers.com/showthread.php?t=2433454) (Windows only!)
|
|
||||||
|
|
||||||
### EMUI 8
|
Generally, follow [Patching Images](#patching-images) with some differences from the original instructions:
|
||||||
For EMUI 8 devices, your device has a partition named `ramdisk`, which is where Magisk is going to be installed.
|
|
||||||
|
|
||||||
- If you plan to use custom recoveries, simply follow the instructions for custom recovery and you're all set.
|
- After downloading your firmware zip (you may find a lot in [Huawei Firmware Database](http://pro-teammt.ru/firmware-database/)), you have to extract images from `UPDATE.APP` in the zip with [Huawei Update Extractor](https://forum.xda-developers.com/showthread.php?t=2433454) (Windows only!)
|
||||||
- If you plan not to use custom recoveries, you will have to extract `RAMDISK.img` from your firmware. Follow the instructions for boot image patching above, but use the `RAMDISK.img` file instead of a boot image.
|
- Regarding patching images:
|
||||||
- To flash the patched image to your device, here is the fastboot command: <br>
|
- If your device has boot ramdisk, patch `RAMDISK.img` instead of `boot.img`
|
||||||
`fastboot flash ramdisk /path/to/magisk_patched.img` <br>
|
- If your device does **NOT** have boot ramdisk, patch `RECOVERY_RAMDIS.img` (this is not a typo) instead of `recovery.img`
|
||||||
Be aware you are flashing to `ramdisk`, not `boot`!
|
- When flashing the image back with `fastboot`
|
||||||
|
- If you patched `RAMDISK.img`, flash with command `fastboot flash ramdisk magisk_patched.img`
|
||||||
### EMUI 9 or Higher
|
- If you patched `RECOVERY_RAMDIS.img`, flash with command `fastboot flash recovery_ramdisk magisk_patched.img`
|
||||||
For EMUI 9+ devices, the `ramdisk` partition no longer exists. As a workaround, Magisk will be installed to the `recovery_ramdisk` partition. **Please read the [Magisk in Recovery](#magisk-in-recovery) section before following the instructions below!**
|
|
||||||
|
|
||||||
*Note: As I tested on my Honor View 10, Huawei's kernel does not seem to be able to capture key button press events in early boot, so long pressing Volume Up does **NOT** boot to recovery on my device. Your experience may vary.*
|
|
||||||
|
|
||||||
- If you plan to use custom recoveries, simply follow the instructions for custom recovery and you're all set. <br>
|
|
||||||
**Warning: Magisk will overwrite the custom recovery.**
|
|
||||||
- If you plan not to use custom recoveries, you will have to extract `RECOVERY_RAMDIS.img` from your firmware. Follow the instructions for boot image patching above, but use the `RECOVERY_RAMDIS.img` file instead of a boot image.
|
|
||||||
- To flash the patched image to your device, here is the fastboot command: <br>
|
|
||||||
`fastboot flash recovery_ramdisk /path/to/magisk_patched.img` <br>
|
|
||||||
Be aware you are flashing to `recovery_ramdisk`, not `boot`!
|
|
||||||
|
@ -34,4 +34,4 @@ If you decide to start by installing Magisk without touching your recovery parti
|
|||||||
- If you have a copy of your stock image dump, install Magisk by using Magisk Manager's "patch images" feature
|
- If you have a copy of your stock image dump, install Magisk by using Magisk Manager's "patch images" feature
|
||||||
- Once you restored back to stock recovery and other images, download the OTA. Optionally, once you have downloaded the OTA update zip, find a way to extract the zip (as it usually involved root)
|
- Once you restored back to stock recovery and other images, download the OTA. Optionally, once you have downloaded the OTA update zip, find a way to extract the zip (as it usually involved root)
|
||||||
- Apply the OTA and reboot your device. This will use the official stock OTA installation mechanism of your device to upgrade your system.
|
- Apply the OTA and reboot your device. This will use the official stock OTA installation mechanism of your device to upgrade your system.
|
||||||
- Once it's done you will be left with an upgraded, 100% stock, un-rooted device. You will have to manually flash Magisk back. Consider using the methods stated in step 1. to flash Magisk without touching the recovery partition if you want to receive stock OTAs frequently.
|
- Once it's done you will be left with an upgraded, 100% stock, un-rooted device. You will have to manually flash Magisk back. Consider using the methods stated in step 1. to flash Magisk without touching the recovery partition if you want to receive stock OTAs frequently.
|
||||||
|
104
docs/tools.md
104
docs/tools.md
@ -46,7 +46,7 @@ Supported actions:
|
|||||||
Search <hexpattern1> in <file>, and replace with <hexpattern2>
|
Search <hexpattern1> in <file>, and replace with <hexpattern2>
|
||||||
|
|
||||||
cpio <incpio> [commands...]
|
cpio <incpio> [commands...]
|
||||||
Do cpio commands to <incpio> (modifications are done directly)
|
Do cpio commands to <incpio> (modifications are done in-place)
|
||||||
Each command is a single argument, add quotes for each command
|
Each command is a single argument, add quotes for each command
|
||||||
Supported commands:
|
Supported commands:
|
||||||
exists ENTRY
|
exists ENTRY
|
||||||
@ -68,8 +68,8 @@ Supported actions:
|
|||||||
Return values:
|
Return values:
|
||||||
0:stock 1:Magisk 2:unsupported (phh, SuperSU, Xposed)
|
0:stock 1:Magisk 2:unsupported (phh, SuperSU, Xposed)
|
||||||
patch
|
patch
|
||||||
Apply ramdisk patches. Configure settings with env variables:
|
Apply ramdisk patches
|
||||||
KEEPVERITY KEEPFORCEENCRYPT
|
Configure with env variables: KEEPVERITY KEEPFORCEENCRYPT
|
||||||
backup ORIG
|
backup ORIG
|
||||||
Create ramdisk backups from ORIG
|
Create ramdisk backups from ORIG
|
||||||
restore
|
restore
|
||||||
@ -83,10 +83,10 @@ Supported actions:
|
|||||||
print [-f]
|
print [-f]
|
||||||
Print all contents of dtb for debugging
|
Print all contents of dtb for debugging
|
||||||
Specify [-f] to only print fstab nodes
|
Specify [-f] to only print fstab nodes
|
||||||
patch [OUT]
|
patch
|
||||||
Search for fstab and remove verity/avb
|
Search for fstab and remove verity/avb
|
||||||
If [OUT] is not specified, it will directly output to <input>
|
Modifications are done directly to the file in-place
|
||||||
Configure with env variables: KEEPVERITY TWOSTAGEINIT
|
Configure with env variables: KEEPVERITY
|
||||||
|
|
||||||
split <input>
|
split <input>
|
||||||
Split image.*-dtb into kernel + kernel_dtb
|
Split image.*-dtb into kernel + kernel_dtb
|
||||||
@ -138,57 +138,60 @@ If neither --load or --compile-split is specified, it will load
|
|||||||
from current live policies (/sys/fs/selinux/policy)
|
from current live policies (/sys/fs/selinux/policy)
|
||||||
|
|
||||||
One policy statement should be treated as one parameter;
|
One policy statement should be treated as one parameter;
|
||||||
this means a full policy statement should be enclosed in quotes.
|
this means each policy statement should be enclosed in quotes.
|
||||||
Multiple policy statements can be provided in a single command.
|
Multiple policy statements can be provided in a single command.
|
||||||
|
|
||||||
The statements has a format of "<rule_name> [args...]"
|
Statements has a format of "<rule_name> [args...]".
|
||||||
Multiple types and permissions can be grouped into collections
|
Arguments labeled with (^) can accept one or more entries. Multiple
|
||||||
wrapped in curly brackets.
|
entries consist of a space separated list enclosed in braces ({}).
|
||||||
'*' represents a collection containing all valid matches.
|
Arguments labeled with (*) are the same as (^), but additionally
|
||||||
|
support the match-all operator (*).
|
||||||
|
|
||||||
|
Example: "allow { s1 s2 } { t1 t2 } class *"
|
||||||
|
Will be expanded to:
|
||||||
|
|
||||||
|
allow s1 t1 class { all-permissions-of-class }
|
||||||
|
allow s1 t2 class { all-permissions-of-class }
|
||||||
|
allow s2 t1 class { all-permissions-of-class }
|
||||||
|
allow s2 t2 class { all-permissions-of-class }
|
||||||
|
|
||||||
Supported policy statements:
|
Supported policy statements:
|
||||||
|
|
||||||
Type 1:
|
"allow *source_type *target_type *class *perm_set"
|
||||||
"<rule_name> source_type target_type class perm_set"
|
"deny *source_type *target_type *class *perm_set"
|
||||||
Rules: allow, deny, auditallow, dontaudit
|
"auditallow *source_type *target_type *class *perm_set"
|
||||||
|
"dontaudit *source_type *target_type *class *perm_set"
|
||||||
|
|
||||||
Type 2:
|
"allowxperm *source_type *target_type *class operation xperm_set"
|
||||||
"<rule_name> source_type target_type class operation xperm_set"
|
"auditallowxperm *source_type *target_type *class operation xperm_set"
|
||||||
Rules: allowxperm, auditallowxperm, dontauditxperm
|
"dontauditxperm *source_type *target_type *class operation xperm_set"
|
||||||
* The only supported operation is ioctl
|
- The only supported operation is 'ioctl'
|
||||||
* The only supported xperm_set format is range ([low-high])
|
- xperm_set format is either 'low-high', 'value', or '*'.
|
||||||
|
'*' will be treated as '0x0000-0xFFFF'.
|
||||||
|
All values should be written in hexadecimal.
|
||||||
|
|
||||||
Type 3:
|
"permissive ^type"
|
||||||
"<rule_name> class"
|
"enforce ^type"
|
||||||
Rules: create, permissive, enforcing
|
|
||||||
|
|
||||||
Type 4:
|
"typeattribute ^type ^attribute"
|
||||||
"attradd class attribute"
|
|
||||||
|
|
||||||
Type 5:
|
"type type_name ^(attribute)"
|
||||||
"<rule_name> source_type target_type class default_type"
|
- Argument 'attribute' is optional, default to 'domain'
|
||||||
Rules: type_transition, type_change, type_member
|
|
||||||
|
|
||||||
Type 6:
|
"attribute attribute_name"
|
||||||
"name_transition source_type target_type class default_type object_name"
|
|
||||||
|
|
||||||
Notes:
|
"type_transition source_type target_type class default_type (object_name)"
|
||||||
* Type 4 - 6 does not support collections
|
- Argument 'object_name' is optional
|
||||||
* Object classes cannot be collections
|
|
||||||
* source_type and target_type can also be attributes
|
|
||||||
|
|
||||||
Example: allow { s1 s2 } { t1 t2 } class *
|
"type_change source_type target_type class default_type"
|
||||||
Will be expanded to:
|
"type_member source_type target_type class default_type"
|
||||||
|
|
||||||
allow s1 t1 class { all-permissions }
|
"genfscon fs_name partial_path fs_context"
|
||||||
allow s1 t2 class { all-permissions }
|
|
||||||
allow s2 t1 class { all-permissions }
|
|
||||||
allow s2 t2 class { all-permissions }
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
### magisk
|
### magisk
|
||||||
When the magisk binary is called with the name `magisk`, it works as an utility tool with many helper functions and the entry points for several Magisk services.
|
When the magisk binary is called with the name `magisk`, it works as a utility tool with many helper functions and the entry points for several Magisk services.
|
||||||
|
|
||||||
```
|
```
|
||||||
Usage: magisk [applet [arguments]...]
|
Usage: magisk [applet [arguments]...]
|
||||||
@ -199,21 +202,22 @@ Options:
|
|||||||
-v print running daemon version
|
-v print running daemon version
|
||||||
-V print running daemon version code
|
-V print running daemon version code
|
||||||
--list list all available applets
|
--list list all available applets
|
||||||
--daemon manually start magisk daemon
|
|
||||||
--remove-modules remove all modules and reboot
|
--remove-modules remove all modules and reboot
|
||||||
--[init trigger] start service for init trigger
|
--install-module ZIP install a module zip file
|
||||||
|
|
||||||
Advanced Options (Internal APIs):
|
Advanced Options (Internal APIs):
|
||||||
|
--daemon manually start magisk daemon
|
||||||
|
--[init trigger] start service for init trigger
|
||||||
|
Supported init triggers:
|
||||||
|
post-fs-data, service, boot-complete
|
||||||
--unlock-blocks set BLKROSET flag to OFF for all block devices
|
--unlock-blocks set BLKROSET flag to OFF for all block devices
|
||||||
--restorecon restore selinux context on Magisk files
|
--restorecon restore selinux context on Magisk files
|
||||||
--clone-attr SRC DEST clone permission, owner, and selinux context
|
--clone-attr SRC DEST clone permission, owner, and selinux context
|
||||||
--clone SRC DEST clone SRC to DEST
|
--clone SRC DEST clone SRC to DEST
|
||||||
--sqlite SQL exec SQL commands to Magisk database
|
--sqlite SQL exec SQL commands to Magisk database
|
||||||
|
--path print Magisk tmpfs mount path
|
||||||
|
|
||||||
Supported init triggers:
|
Available applets:
|
||||||
post-fs-data, service, boot-complete
|
|
||||||
|
|
||||||
Supported applets:
|
|
||||||
su, resetprop, magiskhide
|
su, resetprop, magiskhide
|
||||||
```
|
```
|
||||||
|
|
||||||
@ -254,10 +258,10 @@ Options:
|
|||||||
|
|
||||||
Flags:
|
Flags:
|
||||||
-v print verbose output to stderr
|
-v print verbose output to stderr
|
||||||
-n set properties without init triggers
|
-n set properties without going through init
|
||||||
only affects setprop
|
affects setprop and prop file loading
|
||||||
-p access actual persist storage
|
-p also access props directly from persist storage
|
||||||
only affects getprop and deleteprop
|
affects getprop and delprop
|
||||||
```
|
```
|
||||||
|
|
||||||
### magiskhide
|
### magiskhide
|
||||||
|
Loading…
x
Reference in New Issue
Block a user